| field | value | date |
|---|---|---|
| author | security tracker role <sectracker@soriano.debian.org> | 2020-01-02 20:10:18 +0000 |
| committer | security tracker role <sectracker@soriano.debian.org> | 2020-01-02 20:10:18 +0000 |
| commit | 4a7a31cd273411ec6a52714d6720c9e9b11f7186 (patch) | |
| tree | 06340b7c3e6286494a5e8d3b8b6aa457ef59a515 /data/CVE | |
| parent | e45b3beaffa0271da21ba0ecd727778d2c6e0b8a (diff) | |
automatic update
Diffstat (limited to 'data/CVE')
| mode | file | lines changed |
|---|---|---|
| -rw-r--r-- | data/CVE/2010.list | 4 |
| -rw-r--r-- | data/CVE/2013.list | 46 |
| -rw-r--r-- | data/CVE/2014.list | 13 |
| -rw-r--r-- | data/CVE/2019.list | 28 |
| -rw-r--r-- | data/CVE/2020.list | 14 |

5 files changed, 56 insertions, 49 deletions
diff --git a/data/CVE/2010.list b/data/CVE/2010.list index 34c1d56b70..3a5c822c26 100644 --- a/data/CVE/2010.list +++ b/data/CVE/2010.list @@ -3776,8 +3776,8 @@ CVE-2010-3784 (The PMPageFormatCreateWithDataRepresentation API in Printing in A NOT-FOR-US: Apple Printing CVE-2010-3783 (Password Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does ...) NOT-FOR-US: Apple Password Server -CVE-2010-3782 - RESERVED +CVE-2010-3782 (obs-server before 1.7.7 allows logins by 'unconfirmed' accounts due to ...) + TODO: check CVE-2010-3781 (The PL/php add-on 1.4 and earlier for PostgreSQL does not properly pro ...) - postgresql-9.0 9.0.1-1 CVE-2010-3780 (Dovecot 1.2.x before 1.2.15 allows remote authenticated users to cause ...) diff --git a/data/CVE/2013.list b/data/CVE/2013.list index 18d13e1fb1..b345c43e49 100644 --- a/data/CVE/2013.list +++ b/data/CVE/2013.list @@ -1,3 +1,7 @@ +CVE-2013-7486 (Cross-site scripting (XSS) vulnerability in the backend in Open-Xchang ...) + TODO: check +CVE-2013-7485 (Cross-site scripting (XSS) vulnerability in the backend in Open-Xchang ...) + TODO: check CVE-2013-7484 (Zabbix before 5.0 represents passwords in the users table with unsalte ...) - zabbix <unfixed> [buster] - zabbix <no-dsa> (Minor issue) @@ -1333,8 +1337,7 @@ CVE-2013-7071 (Cross-site scripting (XSS) vulnerability in the handle_request fu NOT-FOR-US: Monitorix CVE-2013-7070 (The handle_request function in lib/HTTPServer.pm in Monitorix before 3 ...) NOT-FOR-US: Monitorix -CVE-2013-7062 [XSS] - RESERVED +CVE-2013-7062 (Multiple cross-site scripting (XSS) vulnerabilities in Zope, as used i ...) - zope2.12 <removed> (low) [wheezy] - zope2.12 <no-dsa> (Minor issue) - zope2.13 <not-affected> (Vulnerable code not present) 
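Review bot: CVE-2010-3782 in the 2010.list hunk is left as `TODO: check` with neither a source package line nor a `NOT-FOR-US:` line, so the obs-server entry stays untriaged until someone decides whether that code is in the archive; every other entry in the surrounding context is already resolved one way or the other (for example `- postgresql-9.0 9.0.1-1` on CVE-2010-3781 or `NOT-FOR-US: Apple Password Server` on CVE-2010-3783), and this one should be brought to the same state in the next manual pass. The first 2013.list hunk needs no change: dropping the `[XSS]` placeholder on CVE-2013-7062 once the published description arrived is the right move, and the zope2.12/zope2.13 lines beneath it are untouched.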
@@ -3535,8 +3538,7 @@ CVE-2013-6285 (The search component in the Treasurer application in Tyler Techno CVE-2013-6275 (Multiple CSRF issues in Horde Groupware Webmail Edition 5.1.2 and earl ...) - php-horde-ingo 3.1.3-1 (bug #727669) - ingo1 <not-affected> (Affected code not present) -CVE-2013-6242 - RESERVED +CVE-2013-6242 (Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchan ...) NOT-FOR-US: Open-Xchange CVE-2013-6241 (The Birthday widget in the backend in Open-Xchange (OX) AppSuite 7.2.x ...) NOT-FOR-US: Open-Xchange @@ -6974,8 +6976,7 @@ CVE-2013-4754 (Multiple cross-site scripting (XSS) vulnerabilities in Owl Intran NOT-FOR-US: Owl Intranet Knowledgebase CVE-2013-4753 (Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.11. ...) NOT-FOR-US: Claroline -CVE-2013-4752 - RESERVED +CVE-2013-4752 (Symfony 2.0.X before 2.0.24, 2.1.X before 2.1.12, 2.2.X before 2.2.5, ...) NOT-FOR-US: Symfony HttpFoundation component CVE-2013-4751 (php-symfony2-Validator has loss of information during serialization ...) NOT-FOR-US: Symfony Validator component @@ -7574,8 +7575,7 @@ CVE-2013-4533 (Buffer overflow in the pxa2xx_ssp_load function in hw/arm/pxa2xx. [wheezy] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice) - qemu-kvm <removed> (low) [squeeze] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice) -CVE-2013-4532 - RESERVED +CVE-2013-4532 (Qemu 1.1.2+dfsg to 2.1+dfsg suffers from a buffer overrun which could ...) - qemu 2.1+dfsg-1 (low; bug #739589) [squeeze] - qemu <no-dsa> (Minor issue, hardly exploitable in practice) [wheezy] - qemu <no-dsa> (Minor issue, hardly exploitable in practice) 
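Review bot: in the CVE-2013-4532 hunk the fixed-version line `- qemu 2.1+dfsg-1 (low; bug #739589)` records 2.1+dfsg-1 as fixed, while the description that replaces RESERVED reads "Qemu 1.1.2+dfsg to 2.1+dfsg suffers from a buffer overrun", which on its face includes 2.1+dfsg in the affected range; confirm against bug #739589 that the fix is really in 2.1+dfsg-1, or that the upper bound in the published text is exclusive, before this line is relied on. The squeeze and wheezy `<no-dsa> (Minor issue, hardly exploitable in practice)` markers for qemu mirror the qemu-kvm lines in the context above and are consistent.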
@@ -9479,12 +9479,12 @@ CVE-2013-3948 (Apple iOS 6.1.3 does not follow redirects during determination of NOT-FOR-US: Apple iOS CVE-2013-3947 (Buffer overflow in MedCoreD.sys in AhnLab V3 Internet Security 8.0.7.5 ...) NOT-FOR-US: AhnLab V3 Internet Security -CVE-2013-3946 - RESERVED -CVE-2013-3945 - RESERVED -CVE-2013-3944 - RESERVED +CVE-2013-3946 (Heap-based buffer overflow in the MrSID plugin (MrSID.dll) before 4.37 ...) + TODO: check +CVE-2013-3945 (The MrSID plugin (MrSID.dll) before 4.37 for IrfanView allows remote a ...) + TODO: check +CVE-2013-3944 (Stack-based buffer overflow in the MrSID plugin (MrSID.dll) before 4.3 ...) + TODO: check CVE-2013-3943 (Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) before 6. ...) NOT-FOR-US: DotNetNukeDot CVE-2013-3942 @@ -9499,10 +9499,10 @@ CVE-2013-3938 (Integer overflow in xnview.exe in XnView 2.13 allows remote attac NOT-FOR-US: XnView CVE-2013-3937 RESERVED -CVE-2013-3936 - RESERVED -CVE-2013-3935 - RESERVED +CVE-2013-3936 (Multiple cross-site scripting (XSS) vulnerabilities in Opsview before ...) + TODO: check +CVE-2013-3935 (Cross-site request forgery (CSRF) vulnerability in Opsview before 4.4. ...) + TODO: check CVE-2013-3934 (Stack-based buffer overflow in Kingsoft Writer 2012 8.1.0.3030, as use ...) NOT-FOR-US: Kingsoft Office 2013 CVE-2013-3933 (Cross-site scripting (XSS) vulnerability in the JoomShopping (com_joom ...) 
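Review bot: the five `TODO: check` stubs introduced in these two hunks (CVE-2013-3946, CVE-2013-3945 and CVE-2013-3944 for the MrSID plugin (MrSID.dll) for IrfanView, and CVE-2013-3936 and CVE-2013-3935 for Opsview) concern software that is not packaged in Debian, so they can be resolved straight to `NOT-FOR-US:` lines in the same style as the neighbouring `NOT-FOR-US: XnView` and `NOT-FOR-US: Kingsoft Office 2013` entries instead of being deferred. Unrelated to this change but visible in the context: the line `NOT-FOR-US: DotNetNukeDot` on CVE-2013-3943 carries a stray `Dot` suffix that a later edit could clean up.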
@@ -10233,11 +10233,11 @@ CVE-2013-3623 (Multiple stack-based buffer overflows in cgi/close_window.cgi in CVE-2013-3622 (Buffer overflow in logout.cgi in the Intelligent Platform Management I ...) NOT-FOR-US: Intelligent Platform Management Interface CVE-2013-3621 - RESERVED -CVE-2013-3620 - RESERVED -CVE-2013-3619 - RESERVED + REJECTED +CVE-2013-3620 (Hardcoded WSMan credentials in Intelligent Platform Management Interfa ...) + TODO: check +CVE-2013-3619 (Intelligent Platform Management Interface (IPMI) with firmware for Sup ...) + TODO: check CVE-2013-3618 RESERVED CVE-2013-3617 (The XML API in Openbravo ERP 2.5, 3.0, and earlier allows remote authe ...) diff --git a/data/CVE/2014.list b/data/CVE/2014.list index d2998c266c..0ead659f4a 100644 --- a/data/CVE/2014.list +++ b/data/CVE/2014.list @@ -15135,8 +15135,8 @@ CVE-2014-4555 (Cross-site scripting (XSS) vulnerability in fonts/font-form.php i NOT-FOR-US: WordPress plugin Style It CVE-2014-4554 (Cross-site scripting (XSS) vulnerability in templates/download.php in ...) NOT-FOR-US: WordPress plugin SS Downloads -CVE-2014-4553 - RESERVED +CVE-2014-4553 (Cross-site Scripting (XSS) in the spreadshirt-rss-3d-cube-flash-galler ...) + TODO: check CVE-2014-4552 (Cross-site scripting (XSS) vulnerability in library/includes/payment/p ...) NOT-FOR-US: WordPress plugin Spotlight CVE-2014-4551 (Cross-site scripting (XSS) vulnerability in diagnostics/test.php in th ...) @@ -26270,8 +26270,7 @@ CVE-2014-0163 (Openshift has shell command injection flaws due to unsanitized da CVE-2014-0162 (The Sheepdog backend in OpenStack Image Registry and Delivery Service ...) - glance 2014.1-1 [wheezy] - glance <not-affected> (Only affects 2013.2 to 2013.2.3) -CVE-2014-0161 - RESERVED +CVE-2014-0161 (ovirt-engine-sdk-python before 3.4.0.7 and 3.5.0.4 does not verify tha ...) NOT-FOR-US: ovirt-engine-sdk-python CVE-2014-0160 (The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1 ...) {DSA-2896-1} 
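Review bot: CVE-2013-3620 and CVE-2013-3619 are left as `TODO: check` even though their new descriptions ("Hardcoded WSMan credentials in Intelligent Platform Management Interfa ..." and "Intelligent Platform Management Interface (IPMI) with firmware for Sup ...") put them in the same IPMI firmware family as CVE-2013-3622 directly above, which already reads `NOT-FOR-US: Intelligent Platform Management Interface`; resolve them the same way. The same applies to CVE-2014-4553 in the 2014.list hunk, a WordPress plugin XSS sitting between two `NOT-FOR-US: WordPress plugin ...` entries that can take a matching line. Moving CVE-2013-3621 from RESERVED to REJECTED is correct as recorded, and CVE-2014-0161 is properly closed out with `NOT-FOR-US: ovirt-engine-sdk-python`.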
@@ -26488,8 +26487,7 @@ CVE-2014-0105 (The auth_token middleware in the OpenStack Python client library - keystone 2013.1.1-2 [wheezy] - keystone <no-dsa> (Minor issue) NOTE: From 2013.1.1-2 the auth_token.py is in python-keystoneclient -CVE-2014-0104 - RESERVED +CVE-2014-0104 (In fence-agents before 4.0.17 does not verify remote SSL certificates ...) - fence-agents 4.0.17-1 (low; bug #764801) [jessie] - fence-agents <no-dsa> (Minor issue) [wheezy] - fence-agents <no-dsa> (Minor issue) @@ -26717,8 +26715,7 @@ CVE-2014-0049 (Buffer overflow in the complete_emulated_mmio function in arch/x8 [wheezy] - linux <not-affected> (Introduced in 3.5) - linux-2.6 <not-affected> (Introduced in 3.5) NOTE: fix: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a08d3b3b99efd509133946056531cdf8f3a0c09b -CVE-2014-0048 [multiple files downloaded over HTTP and executed or used unsafely] - RESERVED +CVE-2014-0048 (An issue was found in Docker before 1.6.0. Some programs and scripts i ...) - docker.io 1.6.0+dfsg1-1 NOTE: According to Red Hat bug no longer present in 1.5 CVE-2014-0047 (Docker before 1.5 allows local users to have unspecified impact via ve ...) diff --git a/data/CVE/2019.list b/data/CVE/2019.list index a8c398db0f..d357f3d110 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list @@ -1,3 +1,5 @@ +CVE-2019-20225 (MyBB before 1.8.22 allows an open redirect on login. ...) + TODO: check CVE-2019-20224 RESERVED CVE-2019-20223 (In Support Incident Tracker (SiT!) 3.67, the id parameter is affected ...) 
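Review bot: the CVE-2014-0048 hunk now carries the description "An issue was found in Docker before 1.6.0", yet the unchanged `NOTE: According to Red Hat bug no longer present in 1.5` beneath it says the problem was already gone in 1.5; the two disagree on the affected range, and the NOTE should be rechecked or reworded so that the fixed line `- docker.io 1.6.0+dfsg1-1` rests on one consistent account. The CVE-2014-0104 fence-agents entry is fine: `- fence-agents 4.0.17-1 (low; bug #764801)` matches the "before 4.0.17" in the description, and the jessie/wheezy `<no-dsa> (Minor issue)` markers are unchanged.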
@@ -8,8 +10,8 @@ CVE-2019-20221 (In Support Incident Tracker (SiT!) 3.67, Load Plugins input in t NOT-FOR-US: Support Incident Tracker CVE-2019-20220 (In Support Incident Tracker (SiT!) 3.67, the search_id parameter in th ...) NOT-FOR-US: Support Incident Tracker -CVE-2019-20219 - RESERVED +CVE-2019-20219 (ngiflib 0.4 has a heap-based buffer over-read in GifIndexToTrueColor i ...) + TODO: check CVE-2019-20218 (selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack u ...) - sqlite3 3.30.1+fossil191229-1 NOTE: Fixed by: https://github.com/sqlite/sqlite/commit/a6c1a71cde082e09750465d5675699062922e387 @@ -12944,22 +12946,19 @@ CVE-2019-14865 (A flaw was found in the grub2-set-bootflag utility of grub2. A l NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1764925 NOTE: https://seclists.org/oss-sec/2019/q4/101 NOTE: Red Hat-specific patch, get added as 0131-Add-grub-set-bootflag-utility.patch in their SRPM -CVE-2019-14864 - RESERVED +CVE-2019-14864 (Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible v ...) - ansible 2.9.2+dfsg-1 (low; bug #943768) [buster] - ansible <no-dsa> (Minor issue) [stretch] - ansible <no-dsa> (Minor issue) NOTE: https://github.com/ansible/ansible/issues/63522 NOTE: https://github.com/ansible/ansible/pull/63527 -CVE-2019-14863 - RESERVED +CVE-2019-14863 (There is a vulnerability in all angular versions before 1.5.0-beta.0, ...) {DLA-1995-1} - angular.js 1.5.3-2 (bug #942833) NOTE: https://snyk.io/vuln/npm:angular:20150807 NOTE: https://github.com/angular/angular.js/commit/f33ce173c90736e349cf594df717ae3ee41e0f7a NOTE: https://github.com/angular/angular.js/pull/12524 -CVE-2019-14862 - RESERVED +CVE-2019-14862 (There is a vulnerability in knockout before version 3.5.0-beta, where ...) - node-knockout <unfixed> (unimportant; bug #943560) NOTE: https://github.com/knockout/knockout/issues/1244 NOTE: https://github.com/knockout/knockout/pull/2345 
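Review bot: `- node-knockout <unfixed> (unimportant; bug #943560)` under CVE-2019-14862 gives no reason for the unimportant rating, whereas the neighbouring ansible and angular.js entries back their severity with a bug reference and upstream issue/PR NOTE lines; add the justification inside the parenthetical or as a NOTE so the triage decision is auditable later. The two new `TODO: check` stubs, CVE-2019-20225 (MyBB open redirect) and CVE-2019-20219 (ngiflib heap over-read), still need a package or `NOT-FOR-US:` decision. The angular.js line `{DLA-1995-1}` with `- angular.js 1.5.3-2 (bug #942833)` and the ansible line `- ansible 2.9.2+dfsg-1 (low; bug #943768)` with buster/stretch `<no-dsa>` markers are consistent with their descriptions.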
@@ -12973,8 +12972,7 @@ CVE-2019-14861 (All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 an NOTE: https://www.samba.org/samba/security/CVE-2019-14861.html CVE-2019-14860 (It was found that the Syndesis configuration for Cross-Origin Resource ...) NOT-FOR-US: Syndesis -CVE-2019-14859 [DER encoding is not being verified in signatures] - RESERVED +CVE-2019-14859 (A flaw was found in all python-ecdsa versions before 0.13.3, where it ...) {DSA-4588-1 DLA-1978-1} - python-ecdsa 0.13.3-1 NOTE: https://github.com/warner/python-ecdsa/issues/114 @@ -23925,8 +23923,8 @@ CVE-2019-10777 RESERVED CVE-2019-10776 RESERVED -CVE-2019-10775 - RESERVED +CVE-2019-10775 (ecstatic have a denial of service vulnerability. Successful exploitati ...) + TODO: check CVE-2019-10774 (php-shellcommand versions before 1.6.1 have a command injection vulner ...) TODO: check CVE-2019-10773 (In Yarn before 1.21.1, the package install functionality can be abused ...) @@ -25379,8 +25377,7 @@ CVE-2019-10206 (ansible-playbook -k and ansible cli tools, all versions 2.8.x be NOTE: When fixing this issue is needed to make the fix complete with NOTE: https://github.com/ansible/ansible/pull/63351 to not open NOTE: CVE-2019-14856. -CVE-2019-10205 - RESERVED +CVE-2019-10205 (A flaw was found in the way Red Hat Quay stores robot account tokens i ...) NOT-FOR-US: Red Hat Quay CVE-2019-10204 RESERVED @@ -25574,8 +25571,7 @@ CVE-2019-10160 (A security regression of CVE-2019-9636 was discovered in python NOTE: https://github.com/python/cpython/commit/2b578479b96aa3deeeb8bac313a02b5cf3cb1aff CVE-2019-10159 (cfme-gemset versions 5.10.4.3 and below, 5.9.9.3 and below are vulnera ...) NOT-FOR-US: Red Hat CloudForms Management Engine -CVE-2019-10158 - RESERVED +CVE-2019-10158 (A flaw was found in Infinispan through version 9.4.14.Final. An improp ...) NOT-FOR-US: infinispan CVE-2019-10157 (It was found that Keycloak's Node.js adapter before version 4.8.3 did ...) NOT-FOR-US: Keycloak 
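Review bot: `NOT-FOR-US: infinispan` added for CVE-2019-10158 uses a lowercase project name while the description itself and the neighbouring entries (`NOT-FOR-US: Keycloak`, `NOT-FOR-US: Red Hat Quay`) use upstream capitalisation; write it as Infinispan for consistency with the rest of the file. CVE-2019-10775 (ecstatic) joins CVE-2019-10774 (php-shellcommand) as a `TODO: check` stub and both still need triage against the archive. The python-ecdsa entry is consistent: `{DSA-4588-1 DLA-1978-1}` together with `- python-ecdsa 0.13.3-1` matches the "before 0.13.3" in the description, and dropping the `[DER encoding is not being verified in signatures]` placeholder once the public text exists follows the file's convention.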
diff --git a/data/CVE/2020.list b/data/CVE/2020.list index 018c5a3815..83192f2f8a 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -1,3 +1,17 @@ +CVE-2020-5200 + RESERVED +CVE-2020-5199 + RESERVED +CVE-2020-5198 + RESERVED +CVE-2020-5197 + RESERVED +CVE-2020-5196 + RESERVED +CVE-2020-5195 + RESERVED +CVE-2020-5194 + RESERVED CVE-2020-5193 RESERVED CVE-2020-5192 |